Hospital Management System Project Hospital Management System — known CVE vulnerabilities
Every CVE whose affected-product data names Hospital Management System Project Hospital Management System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (43)
CVE-2021-38754 — CVSS 9.8 (critical): SQL Injection vulnerability in Hospital Management System due to lack of input validation in messearch.php.
CVE-2021-44095 — CVSS 9.8 (critical): A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to…
CVE-2022-24136 — CVSS 9.8 (critical): Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To…
CVE-2022-25490 — CVSS 9.8 (critical): HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.
CVE-2022-25492 — CVSS 9.8 (critical): HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.
CVE-2022-27299 — CVSS 9.8 (critical): Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.
CVE-2022-27413 — CVSS 9.8 (critical): Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php.
CVE-2022-27420 — CVSS 9.8 (critical): Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in…
CVE-2022-28929 — CVSS 9.8 (critical): Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.
CVE-2022-30011 — CVSS 9.8 (critical): In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.
CVE-2022-30448 — CVSS 9.8 (critical): Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php.
CVE-2022-30449 — CVSS 9.8 (critical): Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid…
CVE-2022-30516 — CVSS 9.8 (critical): In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.
CVE-2022-32093 — CVSS 9.8 (critical): Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.
CVE-2022-32094 — CVSS 9.8 (critical): Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.
CVE-2022-32095 — CVSS 9.8 (critical): Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.
CVE-2022-38637 — CVSS 9.8 (critical): Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters…
CVE-2022-48120 — CVSS 9.8 (critical): SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13…
CVE-2023-43909 — CVSS 9.1 (critical): Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in…
CVE-2022-26546 — CVSS 9.1 (critical): Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and…
CVE-2022-25402 — CVSS 9.1 (critical): An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files.
CVE-2022-46093 — CVSS 8.2 (high): Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password.
CVE-2022-25491 — CVSS 7.5 (high): HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.
CVE-2022-30012 — CVSS 7.5 (high): In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database…
CVE-2022-34590 — CVSS 7.2 (high): Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php.
CVE-2023-3809 — CVSS 6.3 (medium): A vulnerability was found in Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file…
CVE-2023-3811 — CVSS 6.3 (medium): A vulnerability was found in Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of…
CVE-2023-3808 — CVSS 6.3 (medium): A vulnerability was found in Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown…
CVE-2024-11674 — CVSS 6.3 (medium): A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Affected is an unknown function…
CVE-2023-4176 — CVSS 6.3 (medium): A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been classified as critical. This affects an unknown…
CVE-2023-3810 — CVSS 6.3 (medium): A vulnerability was found in Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of…
CVE-2021-38756 — CVSS 6.1 (medium): Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php.
CVE-2021-38757 — CVSS 6.1 (medium): Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php.
CVE-2022-25493 — CVSS 6.1 (medium): HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.
CVE-2022-25407 — CVSS 5.4 (medium): Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Doctor parameter at…
CVE-2022-25408 — CVSS 5.4 (medium): Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the dpassword parameter at…
CVE-2022-25409 — CVSS 5.4 (medium): Hospital Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the demail parameter at…
CVE-2024-11678 — CVSS 3.5 (low): A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects…
CVE-2024-11676 — CVSS 3.5 (low): A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown…
CVE-2024-11677 — CVSS 3.5 (low): A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part…